CHAKRADHAR BEVAN CISA
Hyderabad, Telangana, India
linkedin.com/in/chakradhar-bevan-cisa-58ba8522
************@*****.*** +91-993*******
Summary
Chakradhar has over 7 years of experience in Information Security Risk Assessment, SOX Compliance, Risk Remediation & Monitoring, Policy Review & Exception Management, Vendor Risk Management and Third Party Risk Management (SOC1 & SOC2). He has a good understanding of the COBIT, NIST, COSO, ISO 27001 and ISO 31000 frameworks. He has also worked on several Internal and External Audit Assignments for SAP and Non-SAP clients.
He has also worked on SAP GRC 10.1 implementation and SAP Security Implementation and Support Projects and has excellent knowledge of profile-based security, Central User Access Administration, Segregation of Duties (SOD), and SAP Governance, Risk and Compliance.
Experience
Broadridge Financial Solutions
Associate Process Manager
May 2019 - Present (1 year 4 months +)
SOX Compliance Officer and BISO for Finance Division in Broadridge.
Implements and coordinates processes to drive the COSO framework of internal control standards.
Coordinates efforts across multiple departments to ensure internal control requirements are met within required deadlines.
Identifies internal control deficiencies and ensures the timely implementation of corrective actions.
Work with the VP Accounting and the Controller to plan, coordinate, and execute the company’s annual audit plan.
Assist in the execution and conclusion of SOX 404 Audits to ensure the adequacy and effectiveness of the internal control environment, and compliance with company policies and procedures.
Conduct walkthroughs on significant processes to ensure the identification of key risks, adequacy of stated controls, and identify the significance of any control gaps.
Plan and execute multiple SOX testing phases for various in-scope locations and areas including both Entity-Level controls and Business Cycle controls to determine control effectiveness and areas for potential improvement.
Drive the mapping of operational processes and key controls and execute a regimen for SOX-related testing and documentation.
Support annual risk assessment process with Legal.
Work with business owners and external auditor to ensure the program meets their requirements in terms of scope, timing, and approach.
Provide technical assistance to functional business areas in development, refinement and documentation of internal controls and business process improvements.
Ensure all phases of testing are completed and communicated efficiently including planning, fieldwork and reporting.
As necessary, evaluate and assess impact of control deficiencies and identify and execute remediation plans to address control deficiencies with process owners.
Perform security reviews on Outsourced Service Providers of Broadridge and their third parties.
Assist in the development and delivery of SOX training for Finance.
BISO – Business Information Security Officer
Provide cybersecurity leadership in securing emerging technologies, such as RPA, Blockchain and Artificial Intelligence in Finance Division.
Review internal and external digital projects and applications for risk and adherence to security policies, standards, and industry best practices and make appropriate recommendations.
Assess applications and the associated data flow for risk to sensitive data, systems, or infrastructure and drive resolutions through cross-team collaborations.
Identify, quantify and communicate cyber risks across the organization’s data networks, systems, and applications and to provide visibility to key stakeholders.
Manage proof-of-concepts and integrations of new security toolsets to enhance controls within the secure development lifecycle.
Formulate and run internal Finance BCP (Business Continuity) Plans with the help of BISG.
Deloitte
Assistant Manager
Oct 2013 - Apr 2019 (5 years 6 months)
Shell
EAM Controls Lead
The EAM Security Development analyst is a key role within the Enterprise Access Management (EAM) team, providing development and support, and ensuring all security aspects meet stakeholder expectations and full compliance with the SOX control framework.
Monitoring and execution of various SOX controls for any security-related sections to ensure compliance.
Leading a team of 3 from offshore and 4 from onshore (Manila) to ensure smooth control execution in Trading Business line.
Visited on-site (Manila, Philippines) to conduct extensive workshops and training to improve the control execution process.
Ensure that the SAP and NSAP technical design standards are always implemented.
Ensure the delivery of SAP and NSAP Security related projects whilst providing security expertise and advice. Ensure the expectations of stakeholders are met and communicate effectively.
Conduct design walkthrough with relevant stakeholders and develop relevant controls for new systems.
Develop and implement remediation plans to address audit issues or non-compliance to controls.
Ensure the Internal and External Audit are conducted smoothly.
Special challenges for this role include being able to deliver multiple projects, provide development and 2nd level support across multiple businesses, and working in a virtual environment with business stakeholders, subject matter experts and team members.
AXIS Bank
Risk Assessment
Conducted Risk Assessments for Vendors across India on controls focusing on ISO 27001:2013.
Planning and executing internal Information Security Audits against organizational policies and SOPs.
Understanding the Business process by interacting with Business Owners, Operations and IT Support Teams.
Performed location-level and account-level Risk Assessments against customer-specific requirements and information security policies.
Analyzed the access security controls and provided recommendations to the stakeholders to implement necessary access controls.
Recommending Security Controls from Compliance perspective and ensuring the controls are in place as per compliance standards.
Tata Capitals - Mumbai
Audit Consultant
IPE/Report testing on SAP which covers the report logic, parameters to be entered to generate the report, report accuracy and completeness
Interface testing involving timely movement of complete data between two systems and its monitoring.
Testing of Business cycle controls for SAP Application
Ensure concise, precise and clear documentation of the test procedure and results as per Deloitte standards
Involved in communicating deficiency/observation identification in control testing with the client
Perform review of test work and work paper documentation of analysts and executives
ITC-PSPD, Tata Motors
ITGC Audit
Performed General Information Technology Controls (GITC) testing covering major domains like Data Center and Network Operations, System Software Acquisition, Change and Maintenance, Program Change, Access Security and Application System Acquisition, Development and Maintenance for SAP, Oracle and generic applications with the relevant database and Operating system.
Performed SOX ITGC testing for various in-house applications for banking and financial services company as part of SOX compliance for the following areas: User access Management, Backup and Recovery, Change Management along with the approval process and SOD.
Johnson & Johnson
IT Risk Assurance
Reviewing Change Management process as Change Manager in CAB (Change Advisory Board) in Solution Manager 7.1 from the validation perspective for different changes in SAP production systems.
Review and Validate the Change Management process in terms of GxP and Computer System Validation (CSV) according to the best practice in Pharmaceutical domain.
Reviewing SAP Security General Control on access and authorization level and analyzing if it is risk free or not based on the Standard Practice
Consulting the client to control and minimize risks related to SAP Security and helping the client during Audit period to get good feedback with a compliant report from Audit team.
Transport for New South Wales
SAP Security Consultant
Performing support activities for Wave 0 like Identity Management, Business Role and access Management.
Created position based roles in system and aligned them with Org Structure
New role developments and modifications as per the requirements.
Creating a GRC workflow for new user request for access creation and modifications.
New role creation, testing and documenting using HPQC Tool
Firefighter assignment, log review and approvals.
Confirm project documentation (blueprints, configuration documents, functional and technical specifications, etc.) is updated and accessible from a centralized location
Extensively worked on Regression and Reform testing to ensure all functionalities are working as expected
Conducted knowledge transfer sessions across the Project team
East India Hotels, The Oberoi Group
SAP GRC Consultant
Coordinated Client meetings and prepared BBP documents.
Requirement gathering and configuring implementation scenarios to match the business requirements.
Configured ARA, EAM for ECC and CRM backend system.
Prepared test scenarios for UAT documents
Prepared Custom Rulebook for the custom T-codes. Designed, configured and implemented SAP BO Access Controls 10.0, ARA, EAM and ARM.
Configured Satellite Systems to communicate the GRC Server and ECC systems.
Configuring MSMP Workflows
Performed User & Role analysis to identify existing SoD violations.
Using ARA produced Analytical Reports on User, User Groups, Roles and Profiles.
Performed remediation and mitigation against various risks associated with roles and users.
Experienced in creating and assigning FF IDs and extracting Fire Fighter logs. Configured Org Rules and Supplementary Rules to eliminate false positives.
Performed unit testing and integration testing for ARA and EAM
Took part in Mock cutover activities.
Achievements
Broadridge
Successfully completed SOX Testing for the FY’20 with Major improvements in business process and IT Landscape that was noted and appreciated by senior management.
Deloitte
Outstanding Performance Award (2017-2018) for demonstrating outstanding collaboration with Team members, Quality engagement Execution and Efforts resulting in Innovation/Creation of new Solution.
Received special appreciation from Client for helping them streamline their control execution and remediation activities in Trading Business line.
Received Busy season award for demonstrating excellence in Audit Engagement.
Received appreciations from the Management for developing process improvement tools in SAP Engagement
Received appreciations from the client for proactive participation and for timely deliverables on an Implementation Engagement.
Actively participated in several Firm sponsored events and office activities
Education
Jawaharlal Nehru Technological University
Bachelor's degree, Computer Science
2007 - 2011
Licenses & Certifications
SAP Certified GRC Access Control 10 Consultant - SAP
Certified Information Systems Auditor® (CISA) - ISACA
Issued Jun 2019 - Expires Jan 2023
AWS Security Fundamentals (Second Edition) - Amazon Web Services (AWS)
Cybersecurity Foundations - LinkedIn
Cybersecurity with Cloud Computing - LinkedIn